Re: [PATCH] Introduce AuthzSVNGroupsFile configuration option for mod_authz_svn

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Fri, 25 Jan 2013 10:30:00 +0000

Ivan Zhakov <ivan_at_visualsvn.com> writes:

> On Wed, Jan 23, 2013 at 7:27 PM, Evgeny Kotkov
> <evgeny.kotkov_at_visualsvn.com> wrote:
>> When AuthzSVNReposRelativeAccessFile directive is being used and
>> authorization rules are stored per-repository, it is usually required to
>> have a single set of groups for all repositories.
>>
>> In other words, there can be a 'developers' group, whose members should
>> have access to all repositories. To avoid the duplication of the 'developers'
>> group definition across multiple authz files, it would be great to have a
>> single place to define these groups.
>>
>> The attached patch adds the 'AuthzSVNGroupsFile' option to specify the
>> dedicated file where the group definitions are stored.
>>
> Committed in r1438407. Thanks!

Are administrators going to want both relative path and absolute path
versions of this directive?

I wonder if we should implement some sort of generic include mechanism
instead. Trac uses an INI compatible mechanism:

[inherit]
file = path/to/another/file

we could

[inherit]
file = path/to/another/file
relative_file = path/to/another/file

and combines the values from the other files with the current file.

I suppose this approach would break the meaning of existing authz files
already using '[inherit]'. Another approach would be to use some
non-INI syntax to define include files.

-- 
Certified & Supported Apache Subversion Downloads:
http://www.wandisco.com/subversion/download

Received on 2013-01-25 11:30:43 CET

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]